<!--

    Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
    Portions Copyright &#169; [2017-2020] Payara Foundation and/or affiliates.

    This program and the accompanying materials are made available under the
    terms of the Eclipse Public License v. 2.0, which is available at
    http://www.eclipse.org/legal/epl-2.0.

    This Source Code may also be made available under the following Secondary
    Licenses when the conditions for such availability set forth in the
    Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
    version 2 with the GNU Classpath Exception, which is available at
    https://www.gnu.org/software/classpath/license.html.

    SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0

-->
<!-- Portions Copyright [2020] [Payara Foundation and/or its affiliates] -->
<p><a id="ref-editjdbcrealm" name="ref-editjdbcrealm"></a><a id="GHCOM00102" name="GHCOM00102"></a></p>

<h4><a id="sthref204" name="sthref204"></a><a id="sthref205" name="sthref205"></a>Properties Specific to the <code>JDBCRealm</code> Class</h4>
<a name="BEGIN" id="BEGIN"></a>
<p>To protect your web pages or web applications, you can set the security so that only registered users can access them. This is known as the authentication facility. This type of realm involves storing the credentials of your users inside a database. The Payara Server uses the database information and the enabled JDBC realm option inside the configuration file.</p>
<p>The following properties are required for a JDBC realm.</p>
<dl>
<dt>JAAS Context</dt>
<dd>
<p>The JAAS (Java Authentication and Authorization Service) context (the identifier for the login module to use for this realm). The only valid value is <code>jdbcRealm</code>.</p>
</dd>
<dt>JNDI</dt>
<dd>
<p>The JNDI name for this realm. The default value is <code>jdbc/security</code>.</p>
</dd>
<dt>User Table</dt>
<dd>
<p>The table that contains a list of authorized users for this realm. The default value is <code>usertable</code>.</p>
</dd>
<dt>User Name Column</dt>
<dd>
<p>The name of the column that contains the list of users inside the user table. The default value is <code>userid</code>.</p>
</dd>
<dt>Password Column</dt>
<dd>
<p>The name of the column that contains the respective user's password in the user table. The default value is <code>password</code>.</p>
</dd>
<dt>Group Table</dt>
<dd>
<p>The name of the group table in the database. The default value is <code>grouptable</code>.</p>
</dd>
<dt>Group Name Column</dt>
<dd>
<p>The name of the group name column in the database's group table. The default value is <code>groupid</code>.</p>
</dd>
</dl>
<p>The following optional properties are available for a JDBC realm.</p>
<dl>
<dt>Assign Groups</dt>
<dd>
<p>A comma-separated list of group names. All clients who present valid certificates are assigned to these groups, for example, <code>employee,manager</code>, where these are the names of user groups.</p>
</dd>
<dt>Database User</dt>
<dd>
<p>Allows you to specify the database user name in the realm instead of the <code>jdbc-connection-pool</code>. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the <code>jdbc-connection-pool</code> configuration is used.</p>
</dd>
<dt>Database Password</dt>
<dd>
<p>Allows you to specify the database password in the realm instead of the <code>jdbc-connection-pool</code>. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the <code>jdbc-connection-pool</code> configuration is used.</p>
</dd>
<dt>Digest Algorithm</dt>
<dd>
<p>(Optional) Specifies the digest algorithm. The default is <code>SHA-256</code>. You can use any algorithm supported in the JDK, or none.</p>

<hr>
<p><b>Note:</b></p>
<p>In versions of Payara Server prior to 4.0, the default algorithm was <code>MD5</code>. If you have applications that depend on the <code>MD5</code> algorithm, you can override the default <code>SHA-25</code> algorithm by using the <code>asadmin set</code> subcommand:</p>
<pre>
asadmin&gt; <b>set server.security-service.property.default-digest-algorithm=MD5</b>
</pre>
<p>You can use the <code>asadmin get</code> subcommand to determine what algorithm is currently being used:</p>
<pre>
asadmin&gt; <b>get server.security-service.property.default-digest-algorithm</b>
</pre>
<p>Also note that, to maintain backward compatibility, if an upgrade is performed from Payara Server v2.<i>x</i> or v3.0.<i>x</i> to Payara Server 4.0, the default algorithm is automatically set to <code>MD5</code> in cases where the digest algorithm had not been explicitly set in the older Payara Server version.</p>

<hr>

</dd>
<dt>Password Encryption Algorithm</dt>
<dd>
<p>The algorithm for encrypting passwords stored in the database.</p>

<hr>
<p><b>Note:</b></p>
<p>It is a security risk not to specify a password encryption algorithm.</p>

<hr>

</dd>
<dt>Encoding</dt>
<dd>
<p>The encoding. Allowed values are <code>Hex</code>, <code>Base64</code> and <code>Hashed</code>. If <code>digest-algorithm</code> is specified, the default is <code>Hex</code>. If <code>digest-algorithm</code> is not specified, by default no encoding is specified.</p>
<p>If the encoding is <code>Hashed</code>, passwords in the database are assumed to be in format MD5(username:realm:password).</p>
</dd>
<dt>Charset</dt>
<dd>
<p>The charset for the digest algorithm.</p>
</dd>
</dl>


<small>Copyright &#169; 2005, 2017, Oracle and/or its affiliates. All rights reserved. <a href="docinfo.html">Legal Notices</a></small>
<small>Portions Copyright &#169; [2017-2020] Payara Foundation and/or affiliates.</small>
